BYOD Policies Are Being Ignored

One of the intuitive responses to Bring Your Own Device (BYOD) concerns is that it is important for organizations to have prudent and well-publicized policies in place to clarify necessary information for users, including mitigating dangers and ensuring that everybody knows who pays for services.

Of course, this makes sense, but it may be difficult to do. Respecting the rights of employees and organizations is a tough balancing act. Perhaps this is why BYOD policies are not being followed as much as they should – or as much as they were in the past. TEKsystems recently released a survey that suggests a lot of the people who should be paying attention to policies aren’t, and that the number of workers bypassing policies is growing.

Even more troubling, the survey found that 64 percent of IT professionals said that their organization has no official BYOD policy, and that percentage rose from 43 percent in 2013.

Things remain tricky even among those companies with policies. Just because an organization has a set of policies, doesn’t mean that they are good or will be used. A PC World story on BYOD security suggests that employers and employees seem to have developed a cavalier attitude toward the risks involved. The increasing portion of organizations that don’t feel the need to implement policies is a part of this overall trend, not an exception. In general, the story says, people seem to be throwing around data pretty freely:

What is concerning is that half of US employees report storing work-related data on their personal mobile device(s)—even when there is no BYOD policy. The number is nearly 60 percent among those who are connecting to company networks through BYOD. Based on the survey responses, employees with higher educations and/or higher incomes also have a higher rate of storing work data on their personal devices.

According to PCWorld, only about 30 percent use a PIN and almost 40 percent have no security in place. Although, of the ones who use them, 44.3 percent do use a complex password.

Another survey touching on the topic was released in mid September. Email security firm ZixCorp looked at employees’ reaction to BYOD policies. Key findings for those designing policies are that employees don’t want companies to have control of their devices, policies may increase the time between when an employee loses their device and when he or she reports it, privacy invasion is a key fear, tracking is seen as less extreme than wiping a phone, and employees are “extremely attached” to what is on their phones.

Corporate mobility policies have been around for years, but today, they must change as fluidly and quickly as the devices they seek to control. BYOD brings an entirely new set of variables to the table. Unless policies are written with these concerns in mind, they will be ineffective, or worse, simply ignored.

Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at cweinsch@optonline.net and via twitter at @DailyMusicBrk.